Expert Advice Community

Risk evaluation

Guest user Created:   Apr 10, 2017 Last commented:   Apr 10, 2017

1 - Can you explain how assets are evaluated in terms of CIA. and how it would contribute to risk prioritization?
Expert
Rhand Leal Apr 10, 2017

Answer: Assets are evaluated considering how much damage the compromise of the CIA aspects would bring to the organization. For example, what would be the impact of unplanned web server downtime for an e-commerce business? What would be the impact of an inaccurate account report used in a merger transaction?

By identifying these impacts, an organization would have the information to decide which risks to handle first.

This article will provide you further explanation about risk evaluation:
- How to assess consequences and likelihood in ISO 27001 risk analysis https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment

2 - What is residual risk acceptance criteria?

Answer: The residual risk acceptance criteria are the same aspects you consider when evaluating a risk, the difference being that they are applied after the application of controls deemed relevant to handle that risk.

This article will provide you further explanation about risk evaluation:
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/

These materials will also help you regarding risk evaluation:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/

Guest
suresh0253 Apr 10, 2017

Hi,
Thanks for the reply and valuable information. Is this asset evaluation mandatory in ISO 27001? Can you please tell me what the risk residual acceptance criteria are.

Thanks in advance

Expert
Rhand Leal Apr 12, 2017

>1 - Is this asset evaluation mandatory in ISO 27001?

Answer: Risk assessment is a mandatory clause of ISO 27001, but you can choose which methodology to use, and assessing asset risks is just one of them. You can also use, for example, scenario analysis, interviews or checklists.

This article will provide you further explanation about ISO 27001 requirements:
- ISO 31010: What to use instead of the asset-based approach for ISO 27001 risk identification https://advisera.com/27001academy/blog/2016/04/04/iso-31010-what-to-use-instead-of-the-asset-based-approach-for-iso-27001-risk-identification/

>2 - Can you please tell me what the risk residual acceptance criteria are?

Answer: The risk residual acceptance criteria are the same criteria you use to evaluate a risk. The difference is that they are applied to the risks after the controls deemed necessary are implemented, so you can re-evaluate them to decide whether additional treatment is necessary or whether the risk, as it is now, will be accepted.

This article will provide you further explanation about residual risks:
- Why is residual risk so important? https://advisera.com/27001academy/knowledgebase/why-is-residual-risk-so-important/

These materials will also help you regarding ISO 27001 requirements and residual risk:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/

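To make both answers above concrete (CIA-based asset evaluation feeding risk prioritization, and residual risk being judged with the same criteria after controls are applied), here is a small risk-register example in Python. It is an added illustration, not code from this thread or from Advisera: the 1-5 ordinal scales, the "worst of C/I/A" impact rule, the impact x likelihood formula, the acceptance threshold of 8, and the assets, scenarios and control effects are all assumptions made for the example. ISO 27001 does not prescribe any of them; they are one methodology of the kind the expert says you are free to choose.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# All scales, thresholds and sample data in this file are assumptions made for
# this example; ISO 27001 does not prescribe a scale, formula or threshold.
SCALE_MIN, SCALE_MAX = 1, 5          # ordinal scale for impact and likelihood
ACCEPTANCE_THRESHOLD = 8             # assumed criterion: level <= 8 is acceptable


@dataclass(frozen=True)
class CIAImpact:
    """Damage to the organization if each CIA property of the asset is compromised."""
    confidentiality: int
    integrity: int
    availability: int

    def level(self) -> int:
        # Assumed rule: the worst consequence across C, I and A drives the impact.
        return max(self.confidentiality, self.integrity, self.availability)


@dataclass(frozen=True)
class Control:
    """A planned control and how many scale points it removes (assumed effect)."""
    name: str
    likelihood_reduction: int = 0
    impact_reduction: int = 0


@dataclass
class Risk:
    asset: str
    scenario: str
    impact: CIAImpact
    likelihood: int
    controls: List[Control] = field(default_factory=list)


def clamp(value: int) -> int:
    """Keep a reduced score inside the ordinal scale."""
    return max(SCALE_MIN, min(SCALE_MAX, value))


def inherent_level(risk: Risk) -> int:
    """Risk level before treatment: impact x likelihood."""
    return risk.impact.level() * risk.likelihood


def residual_level(risk: Risk) -> int:
    """The same impact x likelihood criterion, recomputed after the planned controls."""
    impact = clamp(risk.impact.level() - sum(c.impact_reduction for c in risk.controls))
    likelihood = clamp(risk.likelihood - sum(c.likelihood_reduction for c in risk.controls))
    return impact * likelihood


def prioritize(risks: List[Risk]) -> List[Tuple[str, int]]:
    """Order scenarios by inherent level, highest first: what to treat first."""
    return sorted(((r.scenario, inherent_level(r)) for r in risks), key=lambda t: -t[1])


def is_accepted(risk: Risk, threshold: int = ACCEPTANCE_THRESHOLD) -> bool:
    """Residual risk acceptance: the same threshold that classifies inherent risk."""
    return residual_level(risk) <= threshold


def acceptance_report(risks: List[Risk], threshold: int = ACCEPTANCE_THRESHOLD) -> Dict[str, Tuple[int, bool]]:
    """Scenario -> (residual level, accepted?) so the review can see what still needs treatment."""
    return {r.scenario: (residual_level(r), is_accepted(r, threshold)) for r in risks}


# Constructed sample register: hypothetical assets, scenarios and control effects.
SAMPLE_REGISTER = [
    Risk("web server", "unplanned downtime during peak sales",
         CIAImpact(confidentiality=1, integrity=2, availability=5), likelihood=4,
         controls=[Control("redundant servers behind a load balancer",
                           likelihood_reduction=2, impact_reduction=1)]),
    Risk("customer database", "exfiltration of customer records via SQL injection",
         CIAImpact(confidentiality=5, integrity=3, availability=2), likelihood=3,
         controls=[Control("parameterised queries in the web application",
                           likelihood_reduction=1)]),
    Risk("accounting system", "inaccurate account report used in a merger",
         CIAImpact(confidentiality=3, integrity=5, availability=2), likelihood=2,
         controls=[Control("four-eyes review of financial reports",
                           likelihood_reduction=1)]),
]

if __name__ == "__main__":
    print("treatment priority (inherent level):")
    for scenario, level in prioritize(SAMPLE_REGISTER):
        print(f"  {level:>3}  {scenario}")
    print("residual risk against the acceptance threshold:")
    for scenario, (residual, accepted) in acceptance_report(SAMPLE_REGISTER).items():
        status = "accept" if accepted else "treat further"
        print(f"  {residual:>3}  {status:<14} {scenario}")
```

With the constructed data the downtime scenario ranks first (inherent 20) and drops to 8 after redundancy, which the assumed threshold accepts; the SQL injection scenario falls from 15 to 10, so it stays above the threshold and goes back for further treatment; the merger report drops to 5 and is accepted. The point of the structure is that `residual_level` reuses exactly the scale and formula of `inherent_level`, and `is_accepted` reuses the same threshold, which is what "the same criteria, applied after the controls" means in practice.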